CVE-2022-4682 – Lightbox Gallery < 0.9.5 - Contributor+ Stored XSS via Shortcode

https://notcve.org/view.php?id=CVE-2022-4682

04 Jan 2023 — The Lightbox Gallery WordPress plugin before 0.9.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks The Lightbox Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the gallery shortcode in versions up to, and including, 0.9.4 due to insufficient input sanitization and output escaping on the ... • https://wpscan.com/vulnerability/5fc92954-20cf-4563-806e-e7a8e5ccfc72 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •